Android crowned the king of mobile malware, report finds

Android is the target of almost 80 percent of mobile malware, with more than 300 threats detected and noted by security firm F-Secure in a report this week. In the fourth quarter of 2012 alone, 96 new variants of Android threats were discovered, almost twice as many as over the summer.

Much of the malware aimed at Android users is intended to make money through text messages sent to premium numbers without the user’s consent or knowledge. This tactic generated 21 new variants of malware, F-Secure reported. Also prominent are banking Trojans that steal the mobile Transaction Authentication Number (mTAN) banks send to customers via SMS to validate an online banking transaction. Using this number, hackers can transfer money from the victims’ account. One such Trojan, Eurograbber, was used to steal $47 million from more than 30,000 retail and corporate accounts in Europe, according to a Bank Info Security report.

F-Secure

How unsafe, really?

While the number of Android malware threats seems on a steady increase, users shouldn't panic. For one thing, consider, first, the source of the report: F-Secure sells mobile security software, starting at $40 per year for a license.

Then, just as Windows dominates on PCs, Android is the most popular smartphone platform in the world, which makes it a primary target of malware attacks. F-Secure notes in its report that in 2010 Symbian was the platform that drew the most attention from hackers, but as the OS lost popularity, Android has taken its place as the largest target.

The open nature of Android also makes it the primary target for malware, as apps in Google Play are not vetted before publishing and users can install apps from third-party and unauthorized app stores. Apple, which keeps strict approval rules for its App Store and does not allow third-party app stores, has the second most popular OS—but its share of malware is a only blip at 0.7 percent in the F-Secure report, and presumably those are targeted at jailbroken iPhones with access to unapproved or pirated apps.

Fighting malware

The F-Secure report does not address the a key issue of Android malware: How it gets installed on users' phones. Most of these threats do not come from apps in Google Play, although a few have found their way onto the site. The likelier sources are third-party app stores and websites that offer pirated paid games and apps that contain an Easter egg designed to drain your phone bill. F-Secure noted that 66 percent of its detected malware programs were Trojan horse programs, disguised as genuine apps.

The fact that almost half of Android users are using a two-year-old versions of the OS (Gingerbread 2.X and Honeycomb 3.X) does not help ensure security on the platform, either. Many manufacturers have been slow to update their devices or don't even bother. Only 15 percent of Android devices are running the latest version of the OS, Jelly Bean, according to Google’s own stats.